Weak password warning (#938)
* Weak password warning * Update UiWebsocket.py * Don't implement print with an O(n^2) iteration * Rename method * Fix logging, uncaught exception in addNotes and pushes a notification when UI server is bound to the whole Internet. * Remove memo comments. Remove terminal hue.
This commit is contained in:
parent
e6680b4f60
commit
35a18bd0b2
2 changed files with 95 additions and 48 deletions
|
@ -11,6 +11,14 @@ if "sessions" not in locals().keys(): # To keep sessions between module reloads
|
|||
sessions = {}
|
||||
|
||||
|
||||
def showPasswordAdvice(password):
|
||||
error_msgs = []
|
||||
if not password or not isinstance(password, (str, unicode)):
|
||||
error_msgs.append("You have enabled <b>UiPassword</b> plugin, but you forgot to set a password!")
|
||||
elif len(password) < 8:
|
||||
error_msgs.append("You are using a very short UI password!")
|
||||
return error_msgs
|
||||
|
||||
@PluginManager.registerTo("UiRequest")
|
||||
class UiRequestPlugin(object):
|
||||
sessions = sessions
|
||||
|
@ -57,13 +65,10 @@ class UiRequestPlugin(object):
|
|||
yield template
|
||||
|
||||
def checkPassword(self, password):
|
||||
if password == config.ui_password:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
return password == config.ui_password
|
||||
|
||||
def randomString(self, chars):
|
||||
return ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for _ in range(chars))
|
||||
def randomString(self, nchars):
|
||||
return ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for _ in range(nchars))
|
||||
|
||||
@classmethod
|
||||
def cleanup(cls):
|
||||
|
@ -97,6 +102,7 @@ class UiRequestPlugin(object):
|
|||
yield "Error: Invalid session id"
|
||||
|
||||
|
||||
|
||||
@PluginManager.registerTo("ConfigPlugin")
|
||||
class ConfigPlugin(object):
|
||||
def createArguments(self):
|
||||
|
@ -106,6 +112,7 @@ class ConfigPlugin(object):
|
|||
return super(ConfigPlugin, self).createArguments()
|
||||
|
||||
|
||||
from Translate import translate as lang
|
||||
@PluginManager.registerTo("UiWebsocket")
|
||||
class UiWebsocketPlugin(object):
|
||||
def actionUiLogout(self, to):
|
||||
|
@ -116,3 +123,10 @@ class UiWebsocketPlugin(object):
|
|||
session_id = self.request.getCookies().get("session_id", "")
|
||||
message = "<script>document.location.href = '/Logout?session_id=%s'</script>" % session_id
|
||||
self.cmd("notification", ["done", message])
|
||||
|
||||
def addHomepageNotifications(self):
|
||||
error_msgs = showPasswordAdvice(config.ui_password)
|
||||
for msg in error_msgs:
|
||||
self.site.notifications.append(["error", lang[msg]])
|
||||
|
||||
return super(UiWebsocketPlugin, self).addHomepageNotifications()
|
||||
|
|
|
@ -48,52 +48,21 @@ class UiWebsocket(object):
|
|||
file_server = sys.modules["main"].file_server
|
||||
if file_server.port_opened is None or file_server.tor_manager.start_onions is None:
|
||||
self.site.page_requested = False # Not ready yet, check next time
|
||||
elif file_server.port_opened is True:
|
||||
self.site.notifications.append([
|
||||
"done",
|
||||
_["Congratulation, your port <b>{0}</b> is opened.<br>You are full member of ZeroNet network!"].format(config.fileserver_port),
|
||||
10000
|
||||
])
|
||||
elif config.tor == "always" and file_server.tor_manager.start_onions:
|
||||
self.site.notifications.append([
|
||||
"done",
|
||||
_(u"""
|
||||
{_[Tor mode active, every connection using Onion route.]}<br>
|
||||
{_[Successfully started Tor onion hidden services.]}
|
||||
"""),
|
||||
10000
|
||||
])
|
||||
elif config.tor == "always" and file_server.tor_manager.start_onions is not False:
|
||||
self.site.notifications.append([
|
||||
"error",
|
||||
_(u"""
|
||||
{_[Tor mode active, every connection using Onion route.]}<br>
|
||||
{_[Unable to start hidden services, please check your config.]}
|
||||
"""),
|
||||
0
|
||||
])
|
||||
elif file_server.port_opened is False and file_server.tor_manager.start_onions:
|
||||
self.site.notifications.append([
|
||||
"done",
|
||||
_(u"""
|
||||
{_[Successfully started Tor onion hidden services.]}<br>
|
||||
{_[For faster connections open <b>{0}</b> port on your router.]}
|
||||
""").format(config.fileserver_port),
|
||||
10000
|
||||
])
|
||||
else:
|
||||
self.site.notifications.append([
|
||||
"error",
|
||||
_(u"""
|
||||
{_[Your connection is restricted. Please, open <b>{0}</b> port on your router]}<br>
|
||||
{_[or configure Tor to become full member of ZeroNet network.]}
|
||||
""").format(config.fileserver_port),
|
||||
0
|
||||
])
|
||||
try:
|
||||
self.addHomepageNotifications()
|
||||
except Exception, err:
|
||||
self.log.error("Uncaught Exception: " + Debug.formatException(err))
|
||||
|
||||
for notification in self.site.notifications: # Send pending notification messages
|
||||
# send via WebSocket
|
||||
self.cmd("notification", notification)
|
||||
# just in case, log them to terminal
|
||||
if notification[0] == "error":
|
||||
self.log.error("\n*** %s\n" % self.dedent(notification[1]))
|
||||
|
||||
self.site.notifications = []
|
||||
|
||||
while True:
|
||||
try:
|
||||
message = ws.receive()
|
||||
|
@ -107,7 +76,71 @@ class UiWebsocket(object):
|
|||
if config.debug: # Allow websocket errors to appear on /Debug
|
||||
sys.modules["main"].DebugHook.handleError()
|
||||
self.log.error("WebSocket handleRequest error: %s \n %s" % (Debug.formatException(err), message))
|
||||
self.cmd("error", "Internal error: %s" % Debug.formatException(err, "html"))
|
||||
if not self.hasPlugin("Multiuser"):
|
||||
self.cmd("error", "Internal error: %s" % Debug.formatException(err, "html"))
|
||||
|
||||
def dedent(self, text):
|
||||
return re.sub("[\\r\\n\\x20\\t]+", " ", text.strip().replace("<br>", " "))
|
||||
|
||||
def addHomepageNotifications(self):
|
||||
if not(self.hasPlugin("Multiuser")) and not(self.hasPlugin("UiPassword")):
|
||||
bind_ip = getattr(config, "ui_ip", "")
|
||||
whitelist = getattr(config, "ui_restrict", [])
|
||||
# binds to the Internet, no IP whitelist, no UiPassword, no Multiuser
|
||||
if ("0.0.0.0" == bind_ip or "*" == bind_ip) and (not whitelist):
|
||||
self.site.notifications.append([
|
||||
"error",
|
||||
_(u"You are not going to set up a public gateway. However, <b>your Web UI is<br>" + \
|
||||
"open to the whole Internet.</b> " + \
|
||||
"Please check your configuration.")
|
||||
])
|
||||
|
||||
file_server = sys.modules["main"].file_server
|
||||
if file_server.port_opened is True:
|
||||
self.site.notifications.append([
|
||||
"done",
|
||||
_["Congratulation, your port <b>{0}</b> is opened.<br>You are full member of ZeroNet network!"].format(config.fileserver_port),
|
||||
10000
|
||||
])
|
||||
elif config.tor == "always" and file_server.tor_manager.start_onions:
|
||||
self.site.notifications.append([
|
||||
"done",
|
||||
_(u"""
|
||||
{_[Tor mode active, every connection using Onion route.]}<br>
|
||||
{_[Successfully started Tor onion hidden services.]}
|
||||
"""),
|
||||
10000
|
||||
])
|
||||
elif config.tor == "always" and file_server.tor_manager.start_onions is not False:
|
||||
self.site.notifications.append([
|
||||
"error",
|
||||
_(u"""
|
||||
{_[Tor mode active, every connection using Onion route.]}<br>
|
||||
{_[Unable to start hidden services, please check your config.]}
|
||||
"""),
|
||||
0
|
||||
])
|
||||
elif file_server.port_opened is False and file_server.tor_manager.start_onions:
|
||||
self.site.notifications.append([
|
||||
"done",
|
||||
_(u"""
|
||||
{_[Successfully started Tor onion hidden services.]}<br>
|
||||
{_[For faster connections open <b>{0}</b> port on your router.]}
|
||||
""").format(config.fileserver_port),
|
||||
10000
|
||||
])
|
||||
else:
|
||||
self.site.notifications.append([
|
||||
"error",
|
||||
_(u"""
|
||||
{_[Your connection is restricted. Please, open <b>{0}</b> port on your router]}<br>
|
||||
{_[or configure Tor to become full member of ZeroNet network.]}
|
||||
""").format(config.fileserver_port),
|
||||
0
|
||||
])
|
||||
|
||||
def hasPlugin(self, name):
|
||||
return name in PluginManager.plugin_manager.plugin_names
|
||||
|
||||
# Has permission to run the command
|
||||
def hasCmdPermission(self, cmd):
|
||||
|
|
Loading…
Reference in a new issue